CVE-2025-64307

Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function

Description

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

INFO

Published Date :

2025-11-14T23:34:59.659Z

Last Modified :

2025-11-14T23:34:59.659Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64307 vulnerability.

Vendors	Products
Brightpick Ai	Internal Logic Control

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64307.

URL	Resource
https://brightpick.ai/contact-us/
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact